Disclaimer - I am in no way trying to incentivize users to go and use such tools against targets without receiving full permission to do so. Nor do I guarantee that this won't fry your network card.

If you want to get past all the boring introductory stuff, please click here.

Abstract

Denial-of-Service (DOS) attacks stem all the way from the early 1970s till today, causing excessive damage to organizations across the world. The following blog post goes through the thought and development of a specific DOS attack known as the TCP SYN flood, written in Rust and powered by libpnet. The tool itself is still a Work in Progress (WIP); however, it's enough to share my experience with low-level networking in Rust. The tool was named "Synner" - because it sends SYN packets in rapid succession to a target in order to cause a Denial of Service, which is effectively a crime and a sinful act.

Open-sourcing and writing about certain tools such as a TCP SYN flooder is often frowned upon in the infosec community. I believe we should be well aware of certain attacks, in order to effectively defend ourselves against them.

I currently work as a developer at a web security company and one of my tasks is related to the maintenance and development of what is effectively a glorified open DNS resolver with some quirks and hacks.

After being bombarded a couple of times with traffic spikes exceeding 5000% of the normal packet intake on a particular interface, I decided to do some further digging. To cut the story short, I ended my research feeling smart and proud, going to management with a fat headline that screamed: We are under a TCP SYN flood attack (!)

Eyebrows were raised, concerns were voiced, until one of the management team members promptly asked, "but if this is through DNS, then we're looking at UDP packets and not TCP (by default)", which was indeed true. Turns out, it had nothing to do with SYN floods, nor TCP for that matter. I was very wrong, and I threw a dangerous headline out there that could've sent us down a deep rabbit hole. So I swallowed my humble pill and decided that in order to truly make up for it, I must really understand what a TCP SYN flood attack is, by building a tool that does just that.